In the Linux kernel, the following vulnerability has been resolved:
comedi: ni_atmio16d: Fix invalid clean-up after failed attach
If the driver's COMEDI "attach" handler function (atmio16d_attach())
returns an error, the COMEDI core will call the driver's "detach"
handler function (atmio16d_detach()) to clean up. This calls
reset_atmio16d() unconditionally, but depending on where the error
occurred in the attach handler, the device may not have been
sufficiently initialized to call reset_atmio16d(). It uses
dev->iobase as the I/O port base address and dev->private as the
pointer to the COMEDI device's private data structure. dev->iobase
may still be set to its initial value of 0, which would result in
undesired writes to low I/O port addresses. dev->private may still be
NULL, which would result in null pointer dereferences.
Fix atmio16d_detach() by checking that dev->private is valid
(non-null) before calling reset_atmio16d(). This implies that
dev->iobase was set correctly since that is set up before
dev->private.